Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
References
Link | Resource |
---|---|
https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef | Patch Third Party Advisory |
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json | Third Party Advisory |
https://gitlab.com/libtiff/libtiff/-/issues/362 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/ | |
https://security.gentoo.org/glsa/202210-10 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220318-0001/ | Third Party Advisory |
https://www.debian.org/security/2022/dsa-5108 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
16 Nov 2022, 19:12
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202210-10 - Third Party Advisory |
31 Oct 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Mar 2022, 18:16
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/03/msg00001.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5108 - Third Party Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220318-0001/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZEHZ35XVO2VBZ4HHCMM6J6TQIDSBQOM/ - Mailing List, Third Party Advisory | |
First Time |
Netapp
Netapp ontap Select Deploy Administration Utility |
|
CPE | cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* |
25 Mar 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Mar 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Mar 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Mar 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Feb 2022, 21:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* |
|
First Time |
Debian debian Linux
Fedoraproject Debian Libtiff libtiff Fedoraproject fedora Redhat enterprise Linux Libtiff Redhat |
|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 5.5 |
CWE | CWE-476 | |
References | (MISC) https://gitlab.com/freedesktop-sdk/mirrors/gitlab/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef - Patch, Third Party Advisory | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0561.json - Third Party Advisory | |
References | (MISC) https://gitlab.com/libtiff/libtiff/-/issues/362 - Exploit, Issue Tracking, Patch, Third Party Advisory |
11 Feb 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-11 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-0561
Mitre link : CVE-2022-0561
CVE.ORG link : CVE-2022-0561
JSON object : View
Products Affected
libtiff
- libtiff
netapp
- ontap_select_deploy_administration_utility
redhat
- enterprise_linux
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-476
NULL Pointer Dereference